Overview

overview

10

Static

static

8

c2e5f1d7d6...1d.xls

windows7-x64

10

c2e5f1d7d6...1d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2e5f1d7d6f695ce05e13a78e371771d

  • Size

    166KB

  • Sample

    230214-x8ec8afa9z

  • MD5

    c2e5f1d7d6f695ce05e13a78e371771d

  • SHA1

    00ef694207dd24bcec1b8d851b936f065df0972a

  • SHA256

    41d16f38f7fcd1569f05c1b17dd869168ece6a626b65bbd2df1cd9a08b4fdb25

  • SHA512

    2fb3040123ffea0b4ec3a9a37b37559bab89ca823b71727f4815eef2f203b68ba8aa279795f2f611861c23a29e202a0fc0007bd21433a683e1927c7078a9439b

  • SSDEEP

    3072:6Ok3hOdsylKlgryzc4bNhZFGzE+cL2knL/Qfe3J2jcc0lbxOGiJtXwmyypRyT:6Ok3hOdsylKlgryzc4bNhZF+E+W2knLt

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c2e5f1d7d6f695ce05e13a78e371771d

    • Size

      166KB

    • MD5

      c2e5f1d7d6f695ce05e13a78e371771d

    • SHA1

      00ef694207dd24bcec1b8d851b936f065df0972a

    • SHA256

      41d16f38f7fcd1569f05c1b17dd869168ece6a626b65bbd2df1cd9a08b4fdb25

    • SHA512

      2fb3040123ffea0b4ec3a9a37b37559bab89ca823b71727f4815eef2f203b68ba8aa279795f2f611861c23a29e202a0fc0007bd21433a683e1927c7078a9439b

    • SSDEEP

      3072:6Ok3hOdsylKlgryzc4bNhZFGzE+cL2knL/Qfe3J2jcc0lbxOGiJtXwmyypRyT:6Ok3hOdsylKlgryzc4bNhZF+E+W2knLt

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks